Menu
Your Linux-based home router culd succumb to a new Telnet worm, Remaiten

Your Linux-based home router culd succumb to a new Telnet worm, Remaiten

The worm takes advantage of exposed Telnet services with weak passwords to infect routers and other embedded devices

Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.

If the authentication succeeds, the bot executes several commands to determine the system's architecture. It then transfers a small downloader program compiled for that architecture that proceeds to download the full bot from a command-and-control server.

The malware has versions for mips, mipsel, armeabi and armebeabi. Once installed it connects to an IRC (Internet Relay Chat) channel and waits for commands from attackers.

The bot supports a variety of commands for launching different types of denial-of-service attacks. It can also scan for competing DDoS bots on the same system and uninstall them.

It's surprising that many networking devices still use Telnet for remote management, instead of the more secure SSH protocol. It's also unfortunate that many devices ship with Telnet service open by default.

Device owners should use one of the many free online port scanning tools to check if their router has port 23 open and should try to shut down the Telnet service from the device's Web-based administration interface. Unfortunately many gateway devices provided by ISPs to their customers don't give users full access to the management features.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments